McAfee offers security review to compensate companies for bad update

Computerworld - McAfee today announced it would offer business customers affected by last week's flawed update a free one-year subscription to its automated security assessment service.

The company, which has faced a firestorm of criticism for letting the faulty update slip through testing, added that it would throw in other services, products and support packages on a case-by-base basis. "McAfee and McAfee channel partners will be offering a customer commitment package that may contain a combination or selection of services, support and products tailored to each customer situation," the company said on a page dedicated to businesses.

McAfee told its corporate customers it would contact them with details of the compensation program, and urged them to get on the list by connecting with technical support if they had been affected.

Customers are certain to key on the part of today's statement that spells out the free year's subscription to McAfee's security review services. "All affected customers will be offered a free one-year subscription to our automated security health check platform which provides an assessment of the security of an organization or enterprise based on McAfee's best practices," the company said.

McAfee did not specify the services it would offer businesses, but the company sells at least two: McAfee Vulnerability Assessment SaaS for medium- and large-sized companies, and McAfee Anti-Virus Health Check Assessment for small businesses.

Today's compensation program announcement was the second since a McAfee antivirus signature update wrongly identified a critical Windows system file as a low-threat virus last Wednesday. Most of the PCs crippled by the flawed update were in corporations, where hundreds, in some cases thousands of machines running Windows XP Service Pack 3 (SP3) crashed and rebooted repeatedly, and lost all network access.

Earlier, McAfee had promised to reimburse its consumer customers for "reasonable expenses" they incurred repairing their PCs, and said it would extend the security subscriptions of affected consumers by two years.

Today, McAfee defined reasonable expenses as the cost to take a PC to a "local tech support specialist." Previously, a company spokesman had equated that to the fees charged by Best Buy's Geek Squad technical support and repair service. More details are to follow on the consumer reimbursement process, McAfee repeated today.

McAfee is not the first antivirus vendor forced to compensate customers for a damaging signature update. In 2005, Trend Micro spent more than $8 million appeasing customers, most of them in Japan, for a similar fiasco. In 2007, Symantec gave free backup software and extended Norton AntiVirus licenses by 12 months to compensate Chinese users when a buggy updated knocked out their computers.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about Security in Computerworld's Security Topic Center.